kdmurray.blog

The crossroads of life and tech

Programming Languages 101

A few weeks ago I got an email from my brother asking about some programming tools for a project he wanted to try. He’s a fairly technically savvy guy, but has very little experience programming. He had asked a couple of questions which made assumptions about the lineage of some modern programming languages — assumptions which are totally reasonable given the names, but which didn’t reflect the actual nature of the languages.

This post is based on the email response I sent him.

Disclaimer: I realize that I have glossed over a number of technical details, and even introduced some of the concepts in a way which may even have some technical inaccuracies. This is not intended to be a technical manual, simply an introduction to a technical topic in terms that most non-programmers should be able to figure out.

Typically there have been two primary types of programming languages, compiled and interpreted. The source code of a compiled language is read by a lexer, parsed and then re-written into low-level machine instructions which can be executed directly on the hardware involved. Compiled languages almost always need to be recompiled for each individual platform because the physical instruction sets of Intel (x86), SPARC, ARM and other processors are all different. Operating system calls are also different. This means that code compiled to run on a Windows-based Intel machine won’t run on a Solaris-based SPARC machine.

Interpreted languages are not compiled. They are executed as they are read by some other process. These are sometimes called “hosted” programs since they don’t execute natively on the computer which is running them. The host process (web browser, game, or other runtime environment) reads the script line by line and then takes the appropriate action. So it’s the host process which actually reads files, communicates with the Internet or displays graphics on the screen. The interpreted language (script) is little more than a recipe. This is why differences in the implementation of the specification behind the script can cause such big problems. When you have 5 different web browsers which don’t quite agree on how to execute a particular construct of JavaScript it’s like the chefs at 5 different restaurants having a different idea of what a medium-rare steak is. Sure it’s nice if one happens to do things the way you want, but you’ll never know until you try them all.

C is like the grand-daddy of modern languages. Its curly-brace syntax pervades many modern languages (C++, Java, C#, JavaScript and many others). It is, however, a much lower-level language providing direct control of many system resources. C can also be optimized for speed and does not explicitly require any external frameworks or libraries to work. It’s a good language to have a grasp on, but may not be one you would ever use on a day-to-day basis.

JavaScript (a variant of and predecessor to the ECMAScript standard) was a language developed by Netscape in the 1990s to be a part of its web browser. Aside from the curly-brace design and the name, JS has absolutely nothing to do with Java. Until very recently, JS was purely an interpreted language. Its domain was to live inside the browser and help animate funny little things on screen or possibly display messages as you filled out a form. It’s only in the past few years that JS has really taken on a more leading role as massive libraries of complex JavaScript (jQuery) and people doing some seriously cool stuff with the language have led to uses of JS outside the browser. The node.js project is a perfect example. Node (whose executable is written in C) will serve as an engine for running JavaScript from the command-line much in the same way as Python, Perl and PHP do.

Just as most rules are made to be broken, so is the rule about a language being either compiled or interpreted. There are some languages which are a strange (and powerful) hybrid of both. Java and C# are both compiled languages. The thing is, they don’t compile down to natively executable machine code. They compile down to an intermediate format which is then interpreted when the code is executed. This provides a mechanism for the compiler to optimize the code for faster execution, while also providing a mechanism for the code to be ported to other platforms with minimal modifications.

From a language perspective C# and Java are like half-siblings… both members of a generation of languages designed to help build large cross-platform enterprise business systems, which have been drawn out into other areas due to sheer popularity. Visually the two languages look almost identical, with similar features and a “C-like” syntax, but due to each one being built to operate primarily with its own native framework (.NET for C# and J2SE for Java) the source code is essentially incompatible with the exception of a few trivial examples.

This all brings me to HTML5. This term has to be one of the most overused, over-hyped and poorly understood technological terms of the past decade. The name would imply that HTML5 is a new version of the HTML specification, designed to replace the rather aged HTML 4 specification in use on most websites today. And technically, that’s exactly what it is. There is a new version of HTML with some new tags (like <video> and <canvas>) which will provide web developers with some new tools to create compelling website experiences. The problem is that there are a lot more things behind the scenes that really make the next generation of web platforms powerful. A new version of HTML is just the start.

The new additions to the HTML DOM (Document Object Model) bring with them more powerful capabilities for JavaScript and CSS to help code and style the way web applications work. The <canvas> element is great, but it doesn’t do much without some fabulous JavaScript code to do the heavy lifting.

The next iteration of the CSS will provide more versatile styling for websites, allowing designs to function both for the desktop as well as the dozens or hundreds of combinations of screen sizes and browser capabilities on modern mobile devices. There’s a big difference between the kinds of things an iPhone 4S can display compared to a 3-year old BlackBerry Bold — both of which I have on the desk in front of me.

To wrap this up I really wanted to thank my brother for asking the question and giving me the opportunity to examine this question in detail. It isn’t something that I think about in my day-to-day work with software, but it’s still something important that bears examining from time to time.

Accessing HttpContext objects from other classes

I could swear I wrote about this at some point in the distant past, but I couldn’t find the article this week when I needed it to help troubleshoot an issue with another developer. The issue he was having was how to access objects from the executing web page’s HttpContext object from a class other than the CodeBehind of the executing web-forms page. Essentially he was looking for a way to map a web-path to a physical folder path without needing to hard-code it or know where the application was deployed on the server in question.

If done correctly, an application can reside anywhere in the file system and be deployed to a virtual directory at any depth without causing a problem with URL resolution. In the code-behind of a web-forms page, the code is simple:

string physicalPath = Server.MapPath("~/somefolder/myfile.xml");

However, doing this from another class involves just a little bit more work:

using System.Web;
// HttpContext.Current is only set while a request is being processed
string physicalPath = HttpContext.Current.Server.MapPath("~/somefolder/myfile.xml");

It’s really quite straightforward when you see it, and I can’t believe that I forget how to do it. This method will also provide you access to lots of other useful objects which make up the “state” of the application from an HTTP perspective.

Aftermath of a Hack

This site was hacked. While it’s still unclear exactly how it happened, or precisely when, sometime in the past 6 weeks my blog, at least 2 other websites and possibly my DreamHost shell account were all hacked. I’m generally a pretty security conscious person, but even I get lazy from time to time. It wasn’t clear to me just how dangerous that laziness could be until this week. I’m going to outline a bit below some of the issues which may have led to my problems, and talk about the steps that have now been taken to help prevent them from occurring again in the future.

The Problem

In retrospect I can see five things I did wrong, and all of them can be traced back to laziness or perhaps, to be less forbidding, they can be traced back to actions taken (or not taken) for the sake of convenience.

Error #1 – Out-of-date Software

Many of us take the time to make sure our operating systems and browsers are up-to-date and fully patched; but do we take the necessary time to make sure that all of our software is patched? Particularly things which don’t reside on our home computers? If you run your own blog, forum or other website and are responsible for your own updates can you say unequivocally that you are currently running the latest and greatest version? Software that is out of date by as little as one revision may have critical vulnerabilities which could allow for disruption of your site, or even execution of commands on your web server.

([aside: If you don't use Secunia's PSI product on your home PC at least once a month, you should.])

Error #2 – Abandoned Web Properties

This goes hand-in-hand with the out-of-date software but is, in some ways, a bit trickier to prevent. It is far easier to remember to update software on sites which you update and monitor on a regular basis. It’s far more difficult to monitor sites which have been, for lack of a better term, abandoned. In my case there were three separate sites on my account which were running versions of their software which were more than 12 months out-of-date. The reason was that I was no longer maintaining these sites and had, in essence, forgotten they were still there. I had hidden a couple of them by renaming the homepage which made it look (to the casual observer) like the sites weren’t there but of course all of the other pages were still in their normal locations and were full of holes.
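One way to find forgotten installs like these, as an added example that is not part of the original post: it walks an account's directories, reads the release each WordPress copy records in `wp-includes/version.php`, and flags copies older than a minimum version you supply. The function names, the output format and the `NO-INDEX` flag (for sites "hidden" by renaming the homepage) are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): inventory WordPress installs
# under a hosting account and flag the ones that have fallen behind.
# Function names and the output format are this example's own.

# version_lt A B: succeeds when dotted version A is older than B.
# Fields are compared numerically, so 3.10 is newer than 3.9.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "older"
    }'
}

# wp_inventory ROOT MIN_VERSION
# Prints one tab-separated line per install: path, version, status.
wp_inventory() {
    inv_min=$2
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r inv_file; do
        inv_site=${inv_file%/wp-includes/version.php}
        # WordPress records its release as: $wp_version = 'x.y.z';
        inv_ver=$(awk -F"'" '/^[ \t]*\$wp_version[ \t]*=/ { print $2; exit }' "$inv_file")
        if [ -z "$inv_ver" ]; then
            inv_status=UNKNOWN
        elif version_lt "$inv_ver" "$inv_min"; then
            inv_status=OUTDATED
        else
            inv_status=ok
        fi
        # A renamed homepage hides nothing: every other script is still reachable.
        [ -f "$inv_site/index.php" ] || inv_status="$inv_status,NO-INDEX"
        printf '%s\t%s\t%s\n' "$inv_site" "${inv_ver:-?}" "$inv_status"
    done | sort
}

# Stand-alone use: sh wp-inventory.sh ROOT MIN_VERSION
if [ "$#" -eq 2 ]; then
    wp_inventory "$1" "$2"
fi
```

Run it from cron against the account's home directory with the current stable release as the minimum; anything reported as OUTDATED or NO-INDEX is either updated or removed.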

Error #3 – Shared User Accounts

Sharing is good, right? Not in this case… I have several different domains hosted under a single hosting account. DreamHost is really generous allowing customers to register any number of domains and attach them to the account. I host sites for myself, for family and for a couple of organizations I’m affiliated with. This in and of itself does not cause a problem. The security hole in my plan was that most of these domains were hosted on a single user account. This means that if that shared user account gets compromised, all of the domains which are run on that user account are potentially at risk.

Error #4 – Lack of Backups

The websites had no viable backups. Because no regular backups were being run of the account, it was virtually impossible to trace when the hack initially occurred. If there had been regular full or differential backups being made of the various websites it may have been possible to determine when the initial attack took place and roll all of the sites back to the way they were before they were compromised. In addition, if there had been any data loss (there does not appear to have been) the lack of backups could have meant the loss of many hours of work.

Error #5 – Reused Credentials

We hear it all the time – do not reuse usernames and passwords on your various accounts, particularly accounts you care about or that are important. Account reuse increases the chances that a hack on one site can do more wide-spread damage than the initial compromised password should really allow. My main SSH credentials were a username and password that I had used on over 100 different sites and services. I know for sure that one of the web properties I use had these particular credentials released into the wild. Why didn’t I change the password? I don’t know. If that was the entry vector, it is quite possible that a number of other accounts of mine have also been compromised.

Overall Impact

The impact was (thankfully) minimal. Only two sites of value were compromised, and it appears that all of the data for those sites is undamaged. A number of other obsolete sites were compromised as well but as they are no longer actively used they are of no great loss. It also appears that some sort of mass-mailing script was being run from the account as well. My server-side user account had received over 27K “Message Undeliverable” replies from various web servers. I hate to think how many it was able to send successfully.

The Cleanup

The cleanup had to be done in phases, addressing each of the five defects individually. Some of them were very easy to change, others required quite a bit more effort to implement and verify. However before any of the remediation could begin, the site needed to be cleansed.

The very first step was to ensure that my local machine had not been infected or compromised. I was pretty sure that it was clean as scans are run every night, but cleaning up from a compromised machine would be like trying to wash a car with mud. No amount of scrubbing with the muddy sponge would get it clean. The machine checked out.

The second step was to change the passwords for all of the users on my hosting account, and change the main password for the account itself.

Next, data from the websites that needed to be saved was exported. None of the code for the software running those sites was saved, only the data. There was no way to tell if the software was clean or compromised so I decided to take no chances. The application software is not that difficult to install, and I was willing to take the hit on setting up modules, components and themes anew.

Once the data was backed up I wiped out all of the data on the user accounts which were being preserved. This meant a full wipe from the file-system from the operating-system shell on the server. All files and directories including “hidden” and “special” folders were wiped out. Some of these operations required the assistance of a DreamHost technician.

Step #1 – Remove all unused or obsolete websites

This was taken care of as part of the cleanup activities mentioned above. Simply removing the affected websites greatly decreased the attack surface of the account and reduced the number of attack vectors which could be used to attack the websites and/or the account.

Step #2 – Remove all un-needed user accounts

In the case of any obsolete sites, test accounts or test databases, these were removed directly from the hosting provider’s control panel as they would no longer be needed. Much like Step #1, there is no sense in keeping any old files or data hanging around where they might later become a liability.

Step #3 – Change the passwords again

Once all of the files, scripts, data, databases, directories, logs and anything else I could think of were removed from the sites, the passwords were rotated again. This was done on the off-chance that there were cached credentials or some other form of persistent authentication lurking somewhere in the ether.

Step #4 – Create new per-domain user accounts

For each of the domains that would be remaining active, a new user account was created specifically for that domain. These accounts would be used to connect to and install the necessary software on the websites, as well as to run backup and maintenance scripts. Passwords for these accounts were set to extremely long strings of random characters as they would not be required for day-to-day access and maintenance.

Step #5 – Set up public key authentication

For regular access to these sites, I decided to go with public key authentication. By requiring a private key (stored in an encrypted volume on my main desktop) and a lengthy but easy-to-remember passphrase I could fairly safely rely on the same public/private key pair to secure access to all of the websites. I found out during this step that both PuTTY’s puttygen application and my hosting provider’s implementation of OpenSSH have an upper-limit on the length of the passphrase. It is still a very long upper limit, but I was surprised to find it. If you share access to a website, keys can be installed for each trusted user using the same method.

Step #6 – Change passwords again (optional)

Once the public-key authentication is in place the account passwords can be changed at will without affecting the state of the affected keys. This means that I have effectively made the public keys the only viable way of accessing the site over SSH short of having access to the main hosting provider account to do a password reset. Admittedly this step is for the very security conscious (read: paranoid) as I was quite certain at this point that the passwords on the system at this time had not been compromised. This however is to be the first step in a regularly scheduled series of password rotations that the system will handle on my behalf as a part of standard system maintenance.

Step #7 – Reinstall all server-side software

Once all of the base security measures were in place and tested, I set up the application software I wanted to run on the web server. The key here is to do the setup using copies of the software obtained only from trusted sources. What a trusted source is will vary from software package to software package, but typically the main project site for an open-source project (not a mirror) or the vendor website are good places to start. In this case that meant downloading the latest stable WordPress release from the main website. I made sure not to rely on previously downloaded installation packages, getting the newest most up-to-date version I could lay my hands on.

Step #8 – Configure server-side software

Each software package is different, but going through all the configuration steps for your software package is important: don’t try to short-cut the process. In the case of WordPress we have to set up a MySQL database, set a number of key/hash values which are used for authorization and cookies and finally set up the user accounts. I wanted to make sure that any passwords, keys or salt values were set using long randomly-generated strings. In my case I used the password generation function in LastPass. Other options would include tools like 1Password, RoboForm or Perfect Paper Passwords. The longer and more random the string is, the more difficult it will be to crack. I have been using values from 24 to 64 characters in length depending on the purpose. If you have a system that assigns default passwords for new user accounts, be sure to change those default system-generated passwords and replace them with your own strong credentials at this stage.

Step #9 – Set up extensions and themes for server-side software

Once the base configuration was in place it was time to add in the additional features I required for these sites. In my case it was a collection of WordPress plugins and themes. It is easy to forget that each extension, plugin or theme that you add to your website’s software package is in fact additional software that will be executed when the website is used. Just as with the base software package it is important to trust the source of your plugins and themes. If you are suspicious as to the origins of the software, choose something else. I also added the plugins and themes one at a time, confirming after each step that there were no immediately visible defects.

Step #10 – Automated backup

The next step was to add a backup script for both the website and the associated database. By building this as a shell script it was possible to schedule full backups of the various sites and have them run on a set schedule. For now the script is very simple:

  1. Extract the contents of the database
  2. Zip the website and extracted database into a single archive
  3. Send that file over SFTP to a location off-site from the server

There are other ideas for automation as well, but this post is long enough as it is. I will save those for later.

Lessons Learned

This could have been much worse. In many ways I count myself very lucky. I could have had all of my data wiped out, I could potentially have seen malware/scripts injected into my websites to capture login credentials or other sensitive information. This attack served as a warning and though I have had to spend a number of hours rethinking the way my websites are set up and managed, at the end of the day I will have better control over the sites I manage, better practices in place for dealing with security, and with any luck, better personal habits for dealing with information security.

Last, but certainly not least, a big thank you to the folks at DreamHost for confirming my initial diagnosis, helping to find the  possible entry vectors, providing guidance on cleanup and purging, and just generally doing that great customer service thing that they do.

Aussie Geek Podcast – Episode 46

The latest episode of the AGP is in the feed. This week Dave and I go over a few things that took place during our long absence and discuss news from Google, Twitter and Linux. We also have some fantastic apps for mobile, tablet and web and an illuminating story of recycling and ingenuity.

Dave and I had a great time putting this show together, and I had the opportunity to produce an episode of the AGP for the first time in well over a year. It felt good to get my hands dirty again, and I think Dave appreciated the break. ;)

 

Back to Basics

Over the past year my personal life has undergone some fairly major changes. I started a new job a little over a year back and there were the obvious changes that go along with that. But more importantly my wife and I welcomed our first child into the world and that was a life changing moment. Now, most of you know that I don’t talk about my personal life in the blog so suffice to say that we have thoroughly enjoyed our first year as parents. It is a wonderful experience and we eagerly await every new day to see what will happen next.

One of the things that changes when you have a new baby is the amount of time you can spend on yourself and your own hobbies and pursuits. I used to spend upwards of 4-6 hours every day outside of work on the computer blogging, coding, or otherwise toiling in one digital adventure or another. Now I find that the number ranges somewhere in the range of 0-2 hours per day. That is a pretty drastic reduction no matter how you slice it (about 80% for those of you scoring at home).

There are a number of projects that I have started and stopped over the past few years each of them trying to build a better mousetrap, or re-make something from scratch just to see if I could do it. With the limited time available to me now, I have become more focused on wanting to actually do more with the time I have — this means not reinventing the wheel every chance I get.

My wife and I have both found that we have become far more effective with our time, getting more done with less time than we ever have before. In the past couple of months I have started to extend that to my digital life as well. Gone are the days when I focused on writing a to-do list, a backup utility, a blogging engine, a photo manager or a disk-erasing tool. There are lots of great (free) tools out there which can handle those tasks very well, even if they don’t satisfy all my neurotic desires (like how my historic completed work tasks should be handled, cataloged and stored for reporting purposes (you know, for when I will pull metrics on my completed work)).

I have also decided that diving in to learn a new, modern programming language is probably something that would realistically take more time than I’m willing to devote to the enterprise. Python, Ruby, Java, and the ASP.NET MVC framework are all on my list, but are undergoing changes and enhancements so frequently that I’m having trouble keeping up with what’s out there, never mind trying to actually learn the stuff. But I do want to become a productive programmer in some language outside the rather constrained, and somewhat self-imposed, .NET bubble in which I have spent the majority of my professional career. Ideally I would like to write in something that I can port between operating systems without too much headache. Being able to produce code that will run on anyone’s machine is a great asset — especially when you have Windows, Mac and Linux machines in your own house to start with.

So the question is what can I learn that will allow me to:

  1. write code for multiple platforms
  2. grow as a developer
  3. not have to keep up with constant enhancements

The answer I came to was 42 C. It seems to satisfy all of the criteria above for me in a way that other languages don’t.

C is by nature intended to be a multi-platform system. If you’re able to confine your applications to CGI or the command-line this is made even easier.

C also requires developers to know much more about how computers and compilers work than more contemporary languages like C#, Java or Python. Though it arguably makes programming more difficult, I think it will help me become a better programmer over time as I learn some of the trickier parts of getting a computer to do what I want it to do.

The current ANSI standard specification for C was introduced in 1999. This means that for the past 12 years, the standard for C programming has remained essentially unchanged. This makes C a good choice for someone who doesn’t have a great deal of time to keep up with changes and enhancements in the specification.

For all these reasons, and my own simple curiosity I’m embarking on an adventure to learn and become proficient in C. I make no assertions that I’m trying to master the language as I can’t see myself getting beyond the hobbyist or perhaps open-source contributor stages. I do have some ideas for the first couple of projects I would like to tackle once I get the basics out of the way. Hopefully I’ll be able to release some source code back into the world over the next year or two — after all, I’m in no hurry.

Windows Phone 7 – First Impressions

The Redmond-based software giant’s previous offering in the mobile space (the much maligned Windows Mobile) has taken a lot of flak in recent years over the quality and features (or lack thereof) in their mobile operating systems. One of the biggest challenges was the fact that Microsoft did not control the hardware stack. Vendors could essentially build anything they wanted with “compatible” hardware with little or no enforceable guidance from the software maker. All that has changed in 2010. Microsoft has provided a minimum specification for Windows Phone 7 devices which seems to be providing a more consistent experience across devices, and overall better performance than in years past.

In trying to describe it over the past couple of days I keep finding myself referring to it as ‘not an iPhone’. Though it shares many of the same features and capabilities of its iOS brethren, it doesn’t follow the lead in OS design. The overall feel of the UI is very fluid. Screen transitions both in the OS and within many of the applications are smooth and scrolling through long lists of data or

The main screen of the WP7 interface is the set of configurable ‘Live Tiles’. These are in essence large icons which can also be updated by the apps they belong to. Messaging and email applications, for example, display the number of new messages and the Marketplace app shows the number of apps you have which are waiting for an update.

The second panel on the main screen is the application list. All of the applications are displayed on a single scrollable list. This alone is a break with the now traditional layout of iOS and Android devices displaying screens and screens of icons. This difference provides an instant differentiation for the new Windows devices.

The one class of applications that is treated differently is games. Games are all listed from within the XBox Live hub isolating them a bit from the rest of the applications.

In the last sentence I mentioned a hub. This is the second major concept that the OS introduces. The hubs are, for want of a better term, points of convergence that bring together disparate sources of similar information. The best and most cited sample of this is the ‘people hub’. The people hub allows you to merge in your contacts from your (multiple) email accounts and join it to contact information in your MSN messenger account and even your Facebook friends. The people hub uses all of that information to create a single list of contacts each of which contains information from the various sources.

The convergence of the people hub is nice. I’ll be happier once the OS can expand beyond Facebook and Windows Live to incorporate the services I actually use on a regular basis like Twitter, GoogleTalk, Tumblr and Flickr.

So far so good for the newest mobile OS. I’ll have more posts coming in the next few weeks getting into some of these features in more detail, covering other aspects of the Windows Phone 7 ecosystem, and hopefully touching on the developer story for WP7.

Honing the Craft

We were on vacation for a couple of months back staying with my wife’s family in the US.  I didn’t completely unplug during the trip, though I wasn’t checking work email, my personal accounts were down to a cursory glance once-per-day, and I’ve dialed back on the Twitter usage quite significantly.

In some of my relaxation time (while babysitting my sleeping 7-month old niece) I got the chance to do a bit of software development. My brother-in-law and I got to talking one night about a project he was hoping to get some help with. He had asked me as an adviser, and since the work was similar to things I’d done for work in the past I felt compelled to offer to help.

The project itself was simple enough: take this text file and put its contents into an Access database. The process has reminded me about why I like software development, and why I miss it.

Over the course of the next couple of weeks we went through a half-dozen iterations of the application, much in the same way that I would have worked with end-users inside our business unit at work.  It allowed me to work through a problem, understanding the true nature of the business problem that he was trying to solve, not necessarily just the problem as it was described in the initial requirements discussion.

I had the chance to pull out skills that I hadn’t exercised much in the past couple of years since my job role has changed, which was a great shift for me. It’s given me the push I needed to get the podcast going, and to dive in to a few of my other projects with a bit more gusto. Software is a craft, and it’s one that I need to continue to hone as time moves forward. I could probably be considered little more than an apprentice right now, but with the entire Internet as my journeyman instructor I should be able to earn my ticket in the months to come.

32 Great Podcasts from my Podroll

Inspired by this post from Bill Wagner’s blog, here’s a quick look at what’s on my Podroll these days.  I’ve listed each show below with its affiliated network or originating broadcaster in parentheses.  Please have a look through the list and post any other great shows in the comments.  I’d also love to know what you think about the recommendations!

Science & Technology Shows

Aussie Geek Podcast – Bloody Awesome Tech. Two Aussies (Dave and Cait) and a Canadian (that’s me!) put their unique slants on the technology news, applications sites and services each week (or so).

CommandN – Amber MacArthur and friends bring you a weekly dose of tech news.

Digital Planet (BBC) – The BBC’s weekly technology show looking at trends in tech and how they affect your daily life, hosted by Gareth Mitchell.

Discovery (BBC) – A weekly science documentary examining hot trends and profound topics in the world of science.

Knightcast – Tuning tech into your way of life, Knightwise offers a look at ways to make technology work for you, instead of the other way around.

Mac OS Ken – A daily dose of Mac (and iPhone) news delivered by the sarcastic, funny and insightful Ken Ray.

One Minute Tip (TP) – Byte-sized pieces of knowledge to help you be just a bit more productive with your everyday tech.

Podcasters’ Emporium (LPN) – James Williams and Dave Gray cover all the topics you need to know to become a better podcaster.

Quirks and Quarks (CBC) – Bob McDonald’s weekly look at science and technology from the CBC mothership.  The show looks at new and emerging sciences and technologies, often with an eye towards how they affect our environment.

Run As Radio (PWOP) – Richard Campbell and Greg Hughes provide a weekly batch of insightful trends and topics for the IT pro.

Security Now (TWiT) – Steve Gibson’s weekly dose of security news and security-related topics is very insightful (even better if you skip over Leo Laporte’s TWiT ads).

Search Engine (TVO) – Jesse Brown’s brutally honest opinions and reviews of life in the Internet age.

The Skeptic’s Guide to the Universe – Members of the New England Skeptical Society debunk the myths and frauds of the scientific age.

The Skeptic’s Guide 5×5 – A shorter companion podcast for the Skeptic’s Guide to the Universe.

Spark (CBC) – Focusing on the softer side of tech, trends and how these things work their way into our day-to-day lives.

Software Development Shows

Hanselminutes (PWOP) – Scott Hanselman’s weekly look at software and technology topics with his inside-the-MS-machine take on things.

Herding Code – A group of “real-world” developers discussing topics and technology that affect code-slingers everywhere.

.NET Rocks! (PWOP) – .NET Rocks brings together the incomparable Carl Franklin and Richard Campbell who interview cool and interesting people in the Microsoft developer space.

Polymorphic Podcast – Craig Shoemaker’s periodic exploration of software and best practices for .NET developers was one of the first software podcasts I started listening to.

Stack Overflow – Jeff Atwood and Joel Spolsky’s companion podcast to the Stack Overflow Q&A site project.  A weekly chat about the project, interesting Stack Overflow questions and other software topics.

Humour & Entertainment Shows

Mondays (PWOP) – Mondays is a comedy show from the crew at PWOP that’s released on a somewhat sporadic basis.  This one’s definitely NSFW — unless you have headphones. =)

Star Trek: Defiant – A fan-fiction podcast set a number of years after the events in Star Trek: Nemesis. Produced by the crew at Pendant Audio with a fairly talented voice crew.  It’s a good listen.

Two Schooners (LPN) – Dave Gray and James Williams get together again for a somewhat less serious show covering the weird and hilarious stories of the week over a schooner of their favourite brew.

Business / News Shows

Campbell’s Comment (CKNW) – Michael Campbell’s daily business comment.

Get It Done Guy (QD Tips) – Stever Robbins provides great productivity tips, business tips and general “how-to-cope-with-life-after-college” tips.

Modern Manners Guy (QD Tips) – The Modern Manners Guy’s advice on how not to inconvenience those around you.

Nutrition Diva (QD Tips) – Eat better, and learn about food myths that’ll keep you on the healthy track.

Reality Check (CKNW) – Bruce Allen’s pull-no-punches daily comment about social issues and pop culture.

Sports Comment (CKNW) – Neil McRae and others provide a comment on the sports world from a Vancouver perspective.

Grammar / Language Shows

Grammar Girl (QD Tips) – Mignon Fogarty’s weekly language show will help you tackle the tricky issues of trying to write successfully in the English language.

Kalye Speak – Learn Tagalog as Filipinos actually speak it.  By far the most successful podcast of its kind.

Podictionary – Charles Hodgson gives great background on the etymology of words that we use every day. The show is insightful, fun and concise.

It’s been fun putting this list together.  I’d love to hear your comments on these shows, or others that you listen to regularly.

Top 4 iPod Touch Applications that I’ve Paid For

Over the past decade or so I’ve become a strong believer in paying for media that I consume — not surprisingly this coincides with my ability to afford to buy stuff.  In the spirit of promoting the concept of paying back those who provide us with great software, I give you my Top 4 iPod Touch Applications that I’ve actually purchased.

1Password

1Password is a password manager for MacOS X which late last year released a version of their application which works with the iPhone and iPod touch.  Both the desktop and handheld versions of the application are brilliant and provide a great credential management service for those running the appropriate devices.  If you’re a slider like many of us are starting to become, it may not be the solution for you since there’s no version of 1Password available for Windows or any flavour of Linux.

Website | App store | Twitter

Crayon Physics

Again coming from desktop-based roots, Crayon Physics is a simplistic-looking game for the iPod Touch.  The goal is simple: draw the tools you need to get the ball to the goal.  The trick is you need to be able to anticipate how those tools will react to gravity, friction and impacts with other objects.  Give Crayon Physics a try if you want a game that’s challenging enough to make you think, but easy enough to actually complete.

Note: the desktop version was licensed by Kloonigames to Hudson Soft, so they’re technically not related.

Website | App store

iShoot

iShoot is a great replication of games that were super-popular in the early 1990s, like Worms and my favourite, Scorched Earth.  Battle it out with the computer or up to three other human players in a tank-on-tank-on-tank-on-tank battle with weird and wonderful weapons of all kinds.  A recent release of the game also includes the ability to define your own rules, terrains and weapons, making it a truly personalized experience.

Website | App store | Twitter

SpaceTrader

Modelled after games with the same name on other platforms, and of course loosely based on Wing Commander: Privateer, SpaceTrader allows you to fly from planet to planet as a trader in an effort to make as much money as possible.  This game is the only 3D entry on the list, with a fairly rich 3D environment that you can walk around and explore.  I had some memory issues with this game early on, but after working with the developer and sending in some crash logs, a newer release seems to have licked that problem.  Give this a try as a neat alternative to the 2D side scrollers.

Website | App store

Which applications have you purchased?  Or are you more of a JailBreak type?  Party in the comments…

Windows 7 RTM in July??

Tonight the tubes of the Interwebs are all atwitter with rumours that Microsoft may reach the release-to-manufacturer (RTM) milestone for Windows 7 in July. The date being bandied about is July 13th which coincides with a Microsoft event in New Orleans.

This is stunning news, particularly when thinking back to the release of Windows Vista 18 months ago. Vista was pushed back a number of times, and the delays caused the operating system no end of grief when the OS failed to meet the expectations of consumers when it hit the street in 2007.

A Windows 7 RTM in July would mean that desktops and laptops enabled with Windows 7 may be ready for consumers in time for the key back-to-school buying season.  Add to this that PC vendors like Alienware are already selling Windows Vista licenses with a Windows 7 upgrade offer, and that Microsoft is taking pre-orders for the OS, and it really smells like Windows 7 is not far off.

Sources: Ars Technica, Geeksmack, @Codinghorror